1 / 0

Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet?

Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet?. Professor Peter Swire Ohio State University Internet Law Scholars WIP New York Law School March 23 , 2012. The Research Project. Future of Privacy Forum – Government Access to Personal Information

elita
Download Presentation

Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Backdoors: How Will Government Agencies Adapt to Cybersecurity on the Internet?

    Professor Peter Swire Ohio State University Internet Law Scholars WIP New York Law School March 23, 2012
  2. The Research Project Future of Privacy Forum – Government Access to Personal Information New facts -- much higher adoption of encryption Puts pressure on government agencies, globally Description - how will they react? (today’s talk) What else follows? Prescription – what should law & policy be for lawful access? What other implications from high crypto adoption?
  3. Encryption Adoption VPNs Blackberry Gmail & Hotmail SSL pervasive (credit card numbers) Dropbox & many more Facebook enables HTTPS, may shift default Skype & other VoIP Result – interception order at ISP or local telco often won’t work
  4. Ways to Grab Communications Break the encryption (if it’s weak) Grab comms in the clear (CALEA) Grab comms with hardware or software before or after encrypted (backdoors) Grab stored communications, such as in the cloud My descriptive thesis: #4 is becoming FAR more important, for global communications Also, temptation to do more #2 and #3
  5. Wiretap on Copper Lines 3 Phone call Alice Local switch Telecom Company Local switch Phone call WIRETAP AT a’S HOUSE OR LOCAL SWITCH Bob
  6. Wiretap on Fiber Optic 3 CALEA in U.S. Build Wiretap ready Phone call Alice Local switch Telecom Company Local switch Voice Exception for IP Phone call Bob
  7. Internet as Insecure Channel Hi Bob! Alice Alice ISP %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% Internet: Many Nodes between ISPs %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% %!#&*YJ#$&#^@% Bob ISP Hi Bob! Bob
  8. Problems with Weak Encryption Nodes between A and B can see and copy whatever passes through Many potential malicious nodes Strong encryption as feasible and correct answer US approved for global use in 1999 India, China new restrictions on strong encryption “Encryption and Globalization” says those restrictions are bad idea
  9. Where are the KEYS? Hi Bob! Encrypt Bob's public key Alice Encrypted message – %!#&YJ@$ – Alice's local ISP %!#&YJ@$ – Backbone provider %!#&YJ@$ – Bob's local ISP %!#&YJ@$ Hi Bob! Decrypt Bob's private key The KEYS are with the individuals Bob
  10. Ways to Grab Communications Break the encryption (if it’s weak) Grab comms in the clear (CALEA) Grab comms with hardware or software before or after encrypted (backdoors) Grab stored communications, such as in the cloud
  11. Limits of CALEA Applies to switched network & connect to that Bad cybersecurity to have unencrypted IP go through Internet nodes How deep to regulate IP products & services WoWjust a game? Will all Internet hardware & software be built wiretap ready? That would be large new regulation of the Internet Could mobilize SOPA/PIPA coalition
  12. Ways to Grab Communications Break the encryption (if it’s weak) Grab comms in the clear (CALEA) Grab comms with hardware or software before or after encrypted (backdoors) Grab stored communications, such as in the cloud
  13. Governments Install Software? Police install virus on your computer This opens a back door, so police gain access to your computer Good idea for the police to be hackers? Good for cybersecurity? Soghoian expert here
  14. Ways to Grab Communications Break the encryption (if it’s weak) Grab comms in the clear (CALEA) Grab comms with hardware or software before or after encrypted (backdoors) Grab stored communications, such as in the cloud
  15. Stored Records: The Near Future Global requests for stored records Encrypted webmail, so local ISP less useful Local switched phone network less useful Push for “data retention”, so police can get the records after the fact The “haves” and “have nots” Server in your jurisdiction Technically ahead of the curve MLATs and other upcoming legal battles
  16. Questions Going Forward Descriptive thesis correct? Big new focus on lawful access to stored records in the cloud? What global regime for this lawful access? What mix of backdoors and front doors? What other aspects of Internet governance affected by this adoption of encryption?
More Related